Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 300286 Details for
Bug 440153
ipa-server-install no longer created named.conf when it's setting up bind
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
log file with successful named.conf creation.
IPA-server-log.txt (text/plain), 70.86 KB, created by
Michael Gregg
on 2008-04-03 17:22:31 UTC
(
hide
)
Description:
log file with successful named.conf creation.
Filename:
MIME Type:
Creator:
Michael Gregg
Created:
2008-04-03 17:22:31 UTC
Size:
70.86 KB
patch
obsolete
>+ /etc/init.d/ntpd stop >Shutting down ntpd: [FAILED] >+ /usr/sbin/ntpdate kerberos.sjc.redhat.com > 3 Apr 06:47:08 ntpdate[2305]: step time server 10.14.63.11 offset 24820.753414 sec >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ echo 'Killing yum-updatesd to prevent problems' >Killing yum-updatesd to prevent problems >+ /etc/init.d/yum-updatesd stop >Stopping yum-updatesd: [ OK ] >+ '[' -f /var/run/yum.pid ']' >+ cd /etc/yum.repos.d >+ wget http://apoc.dsdev.sjc.redhat.com/tet/results//FC7/i386/ipa.repo >--06:47:08-- http://apoc.dsdev.sjc.redhat.com/tet/results//FC7/i386/ipa.repo > => `ipa.repo' >Resolving apoc.dsdev.sjc.redhat.com... 10.14.1.32 >Connecting to apoc.dsdev.sjc.redhat.com|10.14.1.32|:80... connected. >HTTP request sent, awaiting response... 200 OK >Length: 126 [text/plain] > > 0K 100% 8.44 MB/s > >06:47:08 (8.44 MB/s) - `ipa.repo' saved [126/126] > >+ killall yum >yum: no process killed >+ yum -R 1 -y install yum-fastestmirror >ftp://mirror.cs.princeton.edu/pub/mirrors/fedora/linux/updates/7/i386/repodata/repomd.xml: [Errno 4] IOError: [Errno ftp error] 421 Sorry, mirror already has 28 users logged on. Try again in 10 minutes. >Trying other mirror. >Setting up Install Process >Parsing package install arguments >Resolving Dependencies >--> Running transaction check >---> Package yum-fastestmirror.noarch 0:1.1.11-1.fc7 set to be updated >--> Finished Dependency Resolution > >Dependencies Resolved > >============================================================================= > Package Arch Version Repository Size >============================================================================= >Installing: > yum-fastestmirror noarch 1.1.11-1.fc7 updates 9.1 k > >Transaction Summary >============================================================================= >Install 1 Package(s) >Update 0 Package(s) >Remove 0 Package(s) > >Total download size: 9.1 k >Downloading Packages: >Running rpm_check_debug >Running Transaction Test >Finished Transaction Test >Transaction Test Succeeded >Running Transaction > Installing: yum-fastestmirror ######################### [1/1] > >Installed: yum-fastestmirror.noarch 0:1.1.11-1.fc7 >Complete! >+ yum -R 1 -y update policycoreutils selinux-policy >Loading "fastestmirror" plugin >Determining fastest mirrors > * ipa: apoc.dsdev.sjc.redhat.com > * fedora: mirror.stanford.edu > * updates: mirror.stanford.edu >Setting up Update Process >Could not find update match for selinux-policy >Could not find update match for policycoreutils >No Packages marked for Update >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ yum -y install ipa-server ipa-admintools bind caching-nameserver expect >Loading "fastestmirror" plugin >Loading mirror speeds from cached hostfile > * ipa: apoc.dsdev.sjc.redhat.com > * fedora: mirror.stanford.edu > * updates: mirror.stanford.edu >Setting up Install Process >Parsing package install arguments >Resolving Dependencies >--> Running transaction check >---> Package bind.i386 31:9.4.2-3.fc7 set to be updated >---> Package ipa-admintools.noarch 0:0.99.0-1 set to be updated >--> Processing Dependency: ipa-python for package: ipa-admintools >--> Processing Dependency: python-krbV for package: ipa-admintools >---> Package caching-nameserver.i386 31:9.4.2-3.fc7 set to be updated >---> Package expect.i386 0:5.43.0-8 set to be updated >--> Processing Dependency: libtcl8.4.so for package: expect >---> Package ipa-server.i386 0:0.99.0-4 set to be updated >--> Processing Dependency: krb5-server-ldap for package: ipa-server >--> Processing Dependency: TurboGears for package: ipa-server >--> Processing Dependency: fedora-ds-base >= 1.1 for package: ipa-server >--> Processing Dependency: mod_python for package: ipa-server >--> Processing Dependency: python-tgexpandingformwidget for package: ipa-server >--> Processing Dependency: mod_nss >= 1.0.7-2 for package: ipa-server >--> Processing Dependency: mod_auth_kerb for package: ipa-server >--> Processing Dependency: httpd for package: ipa-server >--> Processing Dependency: openldap-clients for package: ipa-server >--> Processing Dependency: ipa-client for package: ipa-server >--> Processing Dependency: python-ldap for package: ipa-server >--> Processing Dependency: krb5-server for package: ipa-server >--> Processing Dependency: ipa-server-selinux for package: ipa-server >--> Processing Dependency: python-pyasn1 for package: ipa-server >--> Running transaction check >---> Package python-tgexpandingformwidget.noarch 0:0.1.3-5.fc7 set to be updated >---> Package ipa-python.noarch 0:0.99.0-1 set to be updated >--> Processing Dependency: python-kerberos for package: ipa-python >---> Package mod_nss.i386 0:1.0.7-2.fc7 set to be updated >---> Package python-krbV.i386 0:1.0.13-5.fc7 set to be updated >---> Package python-pyasn1.noarch 0:0.0.7a-4.fc7 set to be updated >---> Package mod_python.i386 0:3.3.1-3 set to be updated >---> Package ipa-client.i386 0:0.99.0-2 set to be updated >---> Package python-ldap.i386 0:2.3-1.fc7 set to be updated >---> Package TurboGears.noarch 0:1.0.4.2-3.fc7 set to be updated >--> Processing Dependency: python-tgfastdata for package: TurboGears >--> Processing Dependency: python-decoratortools >= 1.4 for package: TurboGears >--> Processing Dependency: python-sqlalchemy for package: TurboGears >--> Processing Dependency: python-turbokid >= 1.0.4 for package: TurboGears >--> Processing Dependency: python-sqlobject >= 0.8 for package: TurboGears >--> Processing Dependency: python-genshi >= 0.4.4 for package: TurboGears >--> Processing Dependency: python-nose >= 0.9.1 for package: TurboGears >--> Processing Dependency: python-ruledispatch for package: TurboGears >--> Processing Dependency: python-turbojson >= 1.1.2 for package: TurboGears >--> Processing Dependency: python-json >= 3.3 for package: TurboGears >--> Processing Dependency: python-turbocheetah >= 1.0 for package: TurboGears >--> Processing Dependency: python-setuptools >= 0.6c2 for package: TurboGears >--> Processing Dependency: python-simplejson >= 1.3 for package: TurboGears >--> Processing Dependency: python-cherrypy for package: TurboGears >--> Processing Dependency: python-paste-script >= 0.9.7 for package: TurboGears >--> Processing Dependency: python-kid >= 0.8 for package: TurboGears >--> Processing Dependency: python-psycopg2 for package: TurboGears >--> Processing Dependency: python-configobj >= 4.3.2 for package: TurboGears >--> Processing Dependency: python-formencode >= 0.7.1 for package: TurboGears >--> Processing Dependency: python-elixir >= 0.4.0 for package: TurboGears >---> Package ipa-server-selinux.noarch 0:0.99.0-1 set to be updated >---> Package krb5-server.i386 0:1.6.1-9.fc7 set to be updated >--> Processing Dependency: krb5-libs = 1.6.1-9.fc7 for package: krb5-server >---> Package fedora-ds-base.i386 0:1.1.0-3.fc7 set to be updated >---> Package mod_auth_kerb.i386 0:5.3-4.ipa set to be updated >---> Package tcl.i386 1:8.4.13-19.fc7 set to be updated >---> Package openldap-clients.i386 0:2.3.34-7.fc7 set to be updated >---> Package httpd.i386 0:2.2.8-1.fc7 set to be updated >--> Processing Dependency: libapr-1.so.0 for package: httpd >--> Processing Dependency: libaprutil-1.so.0 for package: httpd >---> Package krb5-server-ldap.i386 0:1.6.1-9.fc7 set to be updated >--> Running transaction check >---> Package apr-util.i386 0:1.2.10-1.fc7 set to be updated >---> Package python-nose.noarch 0:0.10.0-2.fc7 set to be updated >---> Package python-sqlobject.noarch 0:0.9.2-1.fc7 set to be updated >--> Processing Dependency: python-sqlite2 for package: python-sqlobject >---> Package python-turbojson.noarch 0:1.1.2-3.fc7 set to be updated >---> Package python-simplejson.i386 0:1.7.3-1.fc7 set to be updated >---> Package python-ruledispatch.i386 0:0.5a0-0.5.svnr2306.fc7 set to be updated >--> Processing Dependency: python-protocols >= 1.0 for package: python-ruledispatch >---> Package python-tgfastdata.noarch 0:0.9a6-6.fc7 set to be updated >---> Package python-setuptools.noarch 0:0.6c7-1.fc7 set to be updated >---> Package python-formencode.noarch 0:0.7.1-1.fc7 set to be updated >---> Package python-genshi.noarch 0:0.4.4-1.fc7 set to be updated >---> Package python-decoratortools.noarch 0:1.6-1.fc7 set to be updated >---> Package krb5-libs.i386 0:1.6.1-9.fc7 set to be updated >--> Processing Dependency: krb5-libs = 1.6.1-6.fc7 for package: krb5-devel >--> Processing Dependency: krb5-libs = 1.6.1-6.fc7 for package: krb5-workstation >---> Package python-turbokid.noarch 0:1.0.4-1.fc7 set to be updated >---> Package python-configobj.noarch 0:4.4.0-1.fc7 set to be updated >---> Package python-sqlalchemy.noarch 0:0.3.11-1.fc7 set to be updated >---> Package apr.i386 0:1.2.8-6 set to be updated >---> Package python-paste-script.noarch 0:1.3.6-1.fc7 set to be updated >--> Processing Dependency: python-cheetah for package: python-paste-script >--> Processing Dependency: python-paste-deploy for package: python-paste-script >--> Processing Dependency: python-paste for package: python-paste-script >---> Package python-cherrypy.noarch 0:2.3.0-3.fc7 set to be updated >---> Package python-elixir.noarch 0:0.5.0-1.fc7 set to be updated >---> Package python-json.noarch 0:3.4-3.fc7 set to be updated >---> Package python-kerberos.i386 0:1.0-5.fc7 set to be updated >---> Package python-turbocheetah.noarch 0:1.0-1.fc7 set to be updated >---> Package python-kid.noarch 0:0.9.6-1.fc7 set to be updated >---> Package python-psycopg2.i386 0:2.0.6-1.fc7 set to be updated >--> Processing Dependency: libpq.so.5 for package: python-psycopg2 >--> Processing Dependency: postgresql-libs for package: python-psycopg2 >--> Running transaction check >---> Package python-sqlite2.i386 1:2.3.3-1.fc7 set to be updated >---> Package python-paste-deploy.noarch 0:1.1-1.fc7 set to be updated >---> Package python-protocols.i386 0:1.0-0.6.a0dev_r2302.fc7 set to be updated >---> Package python-paste.noarch 0:1.4.2-1.fc7 set to be updated >---> Package krb5-workstation.i386 0:1.6.1-9.fc7 set to be updated >---> Package python-cheetah.i386 0:2.0.1-1.fc7 set to be updated >---> Package krb5-devel.i386 0:1.6.1-9.fc7 set to be updated >---> Package postgresql-libs.i386 0:8.2.7-1.fc7 set to be updated >--> Finished Dependency Resolution > >Dependencies Resolved > >============================================================================= > Package Arch Version Repository Size >============================================================================= >Installing: > caching-nameserver i386 31:9.4.2-3.fc7 updates 60 k > expect i386 5.43.0-8 fedora 262 k > ipa-server i386 0.99.0-4 ipa 525 k >Updating: > krb5-libs i386 1.6.1-9.fc7 updates 649 k >Installing for dependencies: > TurboGears noarch 1.0.4.2-3.fc7 updates 2.0 M > apr i386 1.2.8-6 fedora 124 k > apr-util i386 1.2.10-1.fc7 updates 77 k > bind i386 31:9.4.2-3.fc7 updates 1.6 M > fedora-ds-base i386 1.1.0-3.fc7 updates 1.6 M > httpd i386 2.2.8-1.fc7 updates 1.0 M > ipa-admintools noarch 0.99.0-1 ipa 34 k > ipa-client i386 0.99.0-2 ipa 33 k > ipa-python noarch 0.99.0-1 ipa 35 k > ipa-server-selinux noarch 0.99.0-1 ipa 17 k > krb5-server i386 1.6.1-9.fc7 updates 898 k > krb5-server-ldap i386 1.6.1-9.fc7 updates 118 k > mod_auth_kerb i386 5.3-4.ipa ipa 28 k > mod_nss i386 1.0.7-2.fc7 ipa 84 k > mod_python i386 3.3.1-3 fedora 334 k > openldap-clients i386 2.3.34-7.fc7 updates 179 k > postgresql-libs i386 8.2.7-1.fc7 updates 197 k > python-cheetah i386 2.0.1-1.fc7 updates 527 k > python-cherrypy noarch 2.3.0-3.fc7 updates 290 k > python-configobj noarch 4.4.0-1.fc7 fedora 216 k > python-decoratortools noarch 1.6-1.fc7 updates 25 k > python-elixir noarch 0.5.0-1.fc7 updates 78 k > python-formencode noarch 0.7.1-1.fc7 fedora 303 k > python-genshi noarch 0.4.4-1.fc7 updates 367 k > python-json noarch 3.4-3.fc7 fedora 28 k > python-kerberos i386 1.0-5.fc7 updates 19 k > python-kid noarch 0.9.6-1.fc7 updates 188 k > python-krbV i386 1.0.13-5.fc7 fedora 41 k > python-ldap i386 2.3-1.fc7 updates 127 k > python-nose noarch 0.10.0-2.fc7 updates 265 k > python-paste noarch 1.4.2-1.fc7 updates 645 k > python-paste-deploy noarch 1.1-1.fc7 fedora 45 k > python-paste-script noarch 1.3.6-1.fc7 updates 203 k > python-protocols i386 1.0-0.6.a0dev_r2302.fc7 fedora 200 k > python-psycopg2 i386 2.0.6-1.fc7 updates 89 k > python-pyasn1 noarch 0.0.7a-4.fc7 updates 62 k > python-ruledispatch i386 0.5a0-0.5.svnr2306.fc7 fedora 251 k > python-setuptools noarch 0.6c7-1.fc7 updates 470 k > python-simplejson i386 1.7.3-1.fc7 updates 79 k > python-sqlalchemy noarch 0.3.11-1.fc7 updates 1.1 M > python-sqlite2 i386 1:2.3.3-1.fc7 fedora 90 k > python-sqlobject noarch 0.9.2-1.fc7 updates 459 k > python-tgexpandingformwidget noarch 0.1.3-5.fc7 updates 11 k > python-tgfastdata noarch 0.9a6-6.fc7 fedora 22 k > python-turbocheetah noarch 1.0-1.fc7 updates 9.1 k > python-turbojson noarch 1.1.2-3.fc7 updates 14 k > python-turbokid noarch 1.0.4-1.fc7 updates 12 k > tcl i386 1:8.4.13-19.fc7 updates 1.8 M >Updating for dependencies: > krb5-devel i386 1.6.1-9.fc7 updates 1.1 M > krb5-workstation i386 1.6.1-9.fc7 updates 445 k > >Transaction Summary >============================================================================= >Install 51 Package(s) >Update 3 Package(s) >Remove 0 Package(s) > >Total download size: 19 M >Downloading Packages: >http://mirror.stanford.edu/fedora/linux/updates/7/i386/krb5-server-ldap-1.6.1-9.fc7.i386.rpm: [Errno 4] Socket Error: timed out >Trying other mirror. >http://mirror.stanford.edu/fedora/linux/releases/7/Everything/i386/os/Fedora/python-json-3.4-3.fc7.noarch.rpm: [Errno 12] Timeout: <urlopen error timed out> >Trying other mirror. >Running rpm_check_debug >Running Transaction Test >Finished Transaction Test >Transaction Test Succeeded >Running Transaction > Installing: python-setuptools ####################### [ 1/57] > Installing: python-formencode ####################### [ 2/57] > Installing: python-kid ####################### [ 3/57] > Installing: python-sqlalchemy ####################### [ 4/57] > Installing: python-paste ####################### [ 5/57] > Installing: python-paste-deploy ####################### [ 6/57] > Installing: python-elixir ####################### [ 7/57] > Installing: python-turbokid ####################### [ 8/57] > Installing: python-nose ####################### [ 9/57] > Installing: python-json ####################### [10/57] > Installing: python-cherrypy ####################### [11/57] > Installing: ipa-server-selinux ####################### [12/57] > Installing: python-configobj ####################### [13/57] > Installing: python-decoratortools ####################### [14/57] > Installing: python-genshi ####################### [15/57] > Installing: python-pyasn1 ####################### [16/57] > Installing: python-tgfastdata ####################### [17/57] > Installing: python-turbojson ####################### [18/57] > Installing: python-tgexpandingformwidget ####################### [19/57] > Updating : krb5-libs ####################### [20/57] > Installing: python-krbV ####################### [21/57] > Installing: krb5-server ####################### [22/57] > Installing: apr ####################### [23/57] > Installing: python-cheetah ####################### [24/57] > Installing: python-ldap ####################### [25/57] > Installing: apr-util ####################### [26/57] > Installing: httpd ####################### [27/57] > Installing: mod_nss ####################### [28/57] >mod_nss certificate database generated. > > > Installing: mod_python ####################### [29/57] > Installing: mod_auth_kerb ####################### [30/57] > Installing: krb5-server-ldap ####################### [31/57] > Installing: python-kerberos ####################### [32/57] > Installing: postgresql-libs ####################### [33/57] > Installing: python-psycopg2 ####################### [34/57] > Installing: openldap-clients ####################### [35/57] > Installing: tcl ####################### [36/57] > Installing: fedora-ds-base ####################### [37/57] > Installing: python-protocols ####################### [38/57] > Installing: python-ruledispatch ####################### [39/57] > Installing: python-sqlite2 ####################### [40/57] > Installing: python-simplejson ####################### [41/57] > Installing: bind ####################### [42/57] > Installing: expect ####################### [43/57] > Updating : krb5-workstation ####################### [44/57] > Updating : krb5-devel ####################### [45/57] > Installing: ipa-python ####################### [46/57] > Installing: ipa-admintools ####################### [47/57] > Installing: python-sqlobject ####################### [48/57] > Installing: python-paste-script ####################### [49/57] > Installing: python-turbocheetah ####################### [50/57] > Installing: TurboGears ####################### [51/57] > Installing: caching-nameserver ####################### [52/57] > Installing: ipa-client ####################### [53/57] > Installing: ipa-server ####################### [54/57] > Cleanup : krb5-workstation ####################### [55/57] > Cleanup : krb5-libs ####################### [56/57] > Cleanup : krb5-devel ####################### [57/57] > >Installed: caching-nameserver.i386 31:9.4.2-3.fc7 expect.i386 0:5.43.0-8 ipa-server.i386 0:0.99.0-4 >Dependency Installed: TurboGears.noarch 0:1.0.4.2-3.fc7 apr.i386 0:1.2.8-6 apr-util.i386 0:1.2.10-1.fc7 bind.i386 31:9.4.2-3.fc7 fedora-ds-base.i386 0:1.1.0-3.fc7 httpd.i386 0:2.2.8-1.fc7 ipa-admintools.noarch 0:0.99.0-1 ipa-client.i386 0:0.99.0-2 ipa-python.noarch 0:0.99.0-1 ipa-server-selinux.noarch 0:0.99.0-1 krb5-server.i386 0:1.6.1-9.fc7 krb5-server-ldap.i386 0:1.6.1-9.fc7 mod_auth_kerb.i386 0:5.3-4.ipa mod_nss.i386 0:1.0.7-2.fc7 mod_python.i386 0:3.3.1-3 openldap-clients.i386 0:2.3.34-7.fc7 postgresql-libs.i386 0:8.2.7-1.fc7 python-cheetah.i386 0:2.0.1-1.fc7 python-cherrypy.noarch 0:2.3.0-3.fc7 python-configobj.noarch 0:4.4.0-1.fc7 python-decoratortools.noarch 0:1.6-1.fc7 python-elixir.noarch 0:0.5.0-1.fc7 python-formencode.noarch 0:0.7.1-1.fc7 python-genshi.noarch 0:0.4.4-1.fc7 python-json.noarch 0:3.4-3.fc7 python-kerberos.i386 0:1.0-5.fc7 python-kid.noarch 0:0.9.6-1.fc7 python-krbV.i386 0:1.0.13-5.fc7 python-ldap.i386 0:2.3-1.fc7 python-nose.noarch 0:0.10.0-2.fc7 python-paste.noarch 0:1.4.2-1.fc7 python-paste-deploy.noarch 0:1.1-1.fc7 python-paste-script.noarch 0:1.3.6-1.fc7 python-protocols.i386 0:1.0-0.6.a0dev_r2302.fc7 python-psycopg2.i386 0:2.0.6-1.fc7 python-pyasn1.noarch 0:0.0.7a-4.fc7 python-ruledispatch.i386 0:0.5a0-0.5.svnr2306.fc7 python-setuptools.noarch 0:0.6c7-1.fc7 python-simplejson.i386 0:1.7.3-1.fc7 python-sqlalchemy.noarch 0:0.3.11-1.fc7 python-sqlite2.i386 1:2.3.3-1.fc7 python-sqlobject.noarch 0:0.9.2-1.fc7 python-tgexpandingformwidget.noarch 0:0.1.3-5.fc7 python-tgfastdata.noarch 0:0.9a6-6.fc7 python-turbocheetah.noarch 0:1.0-1.fc7 python-turbojson.noarch 0:1.1.2-3.fc7 python-turbokid.noarch 0:1.0.4-1.fc7 tcl.i386 1:8.4.13-19.fc7 >Updated: krb5-libs.i386 0:1.6.1-9.fc7 >Dependency Updated: krb5-devel.i386 0:1.6.1-9.fc7 krb5-workstation.i386 0:1.6.1-9.fc7 >Complete! >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ rpm -q mod_auth_kerb >+ grep ipa >mod_auth_kerb-5.3-4.ipa >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ /usr/sbin/ipa-server-install -U --hostname=ipaqavm.dsqa.sjc2.redhat.com -r DSQA.SJC2.REDHAT.COM -p Secret123 -P Secret123 -a Secret123 --setup-bind -u admin -d >root : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >root : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >root : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >root : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >root : DEBUG Configuring ntpd >root : DEBUG [1/4]: stopping ntpd >root : INFO ntpd is stopped > >root : INFO >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : INFO Shutting down ntpd: [FAILED] > >root : INFO >root : DEBUG [2/4]: writing configuration >root : DEBUG Backing up system configuration file '/etc/ntp.conf' >root : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >root : DEBUG Backing up system configuration file '/etc/sysconfig/ntpd' >root : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >root : DEBUG [3/4]: configuring ntpd to start on boot >root : INFO ntpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off > >root : INFO >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : INFO >root : INFO >root : DEBUG [4/4]: starting ntpd >root : INFO ntpd: Synchronizing with time server: [FAILED] >Starting ntpd: [ OK ] > >root : INFO >root : DEBUG done configuring ntpd. >root : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >root : DEBUG Configuring directory server: >root : DEBUG [1/16]: creating directory server user >root : DEBUG adding ds user admin >root : INFO >root : INFO >root : DEBUG done adding user >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : DEBUG [2/16]: creating directory server instance >root : INFO >root : INFO >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : DEBUG >dn: dc=dsqa,dc=sjc2,dc=redhat,dc=com >objectClass: top >objectClass: domain >objectClass: pilotObject >dc: dsqa >info: IPA V1.0 > >root : DEBUG writing inf template >root : DEBUG >[General] >FullMachineName= ipaqavm.dsqa.sjc2.redhat.com >SuiteSpotUserID= admin >ServerRoot= /usr/lib/dirsrv >[slapd] >ServerPort= 389 >ServerIdentifier= DSQA-SJC2-REDHAT-COM >Suffix= dc=dsqa,dc=sjc2,dc=redhat,dc=com >RootDN= cn=Directory Manager >InstallLdifFile= /var/lib/dirsrv/boot.ldif > >root : DEBUG calling setup-ds.pl >root : INFO [08/04/03:06:51:32] - [Setup] Info Your new DS instance 'DSQA-SJC2-REDHAT-COM' was successfully created. >Your new DS instance 'DSQA-SJC2-REDHAT-COM' was successfully created. >[08/04/03:06:51:32] - [Setup] Success Exiting . . . >Log file is '-' > >Exiting . . . >Log file is '-' > > >root : INFO >root : DEBUG completed creating ds instance >root : DEBUG restarting ds instance >root : INFO Shutting down dirsrv: > DSQA-SJC2-REDHAT-COM...[ OK ] >Starting dirsrv: > DSQA-SJC2-REDHAT-COM...[ OK ] > >root : INFO >root : DEBUG done restarting ds instance >root : DEBUG [3/16]: adding default schema >root : DEBUG [4/16]: enabling memberof plugin >root : INFO add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa-memberof >add nsslapd-pluginpath: > libipa-memberof-plugin >add nsslapd-plugininitfunc: > ipamo_postop_init >add nsslapd-plugintype: > postoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > memberof >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat >add nsslapd-plugindescription: > Memberof plugin >adding new entry "cn=ipa-memberof,cn=plugins,cn=config" >modify complete > > >root : INFO ldap_initialize( ldap://127.0.0.1 ) > >root : DEBUG [5/16]: enabling referential integrity plugin >root : INFO replace nsslapd-pluginenabled: > on >add nsslapd-pluginArg7: > manager >add nsslapd-pluginArg8: > secretary >modifying entry "cn=referential integrity postoperation,cn=plugins,cn=config" >modify complete > > >root : INFO ldap_initialize( ldap://127.0.0.1 ) > >root : DEBUG [6/16]: enabling distributed numeric assignment plugin >root : INFO add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa-dna >add nsslapd-pluginpath: > libipa-dna-plugin >add nsslapd-plugininitfunc: > ipa_dna_init >add nsslapd-plugintype: > preoperation >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa-dna >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > Red Hat >add nsslapd-plugindescription: > IPA Distributed numeric assignment plugin >adding new entry "cn=ipa-dna,cn=plugins,cn=config" >modify complete > > >root : INFO ldap_initialize( ldap://127.0.0.1 ) > >root : DEBUG [7/16]: configuring uniqueness plugin >root : INFO add objectClass: > top > nsSlapdPlugin > extensibleObject >add cn: > krbPrincipalName uniqueness >add nsslapd-pluginPath: > libattr-unique-plugin >add nsslapd-pluginInitfunc: > NSUniqueAttr_Init >add nsslapd-pluginType: > preoperation >add nsslapd-pluginEnabled: > on >add nsslapd-pluginarg0: > krbPrincipalName >add nsslapd-pluginarg1: > dc=dsqa,dc=sjc2,dc=redhat,dc=com >add nsslapd-plugin-depends-on-type: > database >add nsslapd-pluginId: > NSUniqueAttr >add nsslapd-pluginVersion: > 1.1.0 >add nsslapd-pluginVendor: > Fedora Project >add nsslapd-pluginDescription: > Enforce unique attribute values >adding new entry "cn=krbPrincipalName uniqueness,cn=plugins,cn=config" >modify complete > > >root : INFO ldap_initialize( ldap://127.0.0.1 ) > >root : DEBUG [8/16]: creating indices >root : INFO add objectClass: > top > nsIndex >add cn: > krbPrincipalName >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=krbPrincipalName,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > ou >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=ou,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > carLicense >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=carLicense,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > title >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=title,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > manager >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=manager,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > secretary >add nsSystemIndex: > false >add nsIndexType: > eq >adding new entry "cn=secretary,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add objectClass: > top > nsIndex >add cn: > displayname >add nsSystemIndex: > false >add nsIndexType: > eq > sub >adding new entry "cn=displayname,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > >add nsIndexType: > sub >modifying entry "cn=uid,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config" >modify complete > > >root : INFO ldap_initialize( ldap://127.0.0.1 ) > >root : DEBUG [9/16]: configuring ssl for ds instance >root : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >root : INFO >root : INFO >root : INFO >root : INFO > >Generating key. This may take a few moments... > > >root : INFO >root : INFO > >Generating key. This may take a few moments... > > >root : INFO >root : INFO >root : INFO pk12util: PKCS12 EXPORT SUCCESSFUL > >root : INFO >root : INFO >root : INFO > >Generating key. This may take a few moments... > > >root : INFO >root : INFO >root : DEBUG [10/16]: configuring certmap.conf >root : DEBUG [11/16]: restarting directory server >root : INFO Shutting down dirsrv: > DSQA-SJC2-REDHAT-COM...[ OK ] >Starting dirsrv: > DSQA-SJC2-REDHAT-COM...[ OK ] > >root : INFO >root : DEBUG [12/16]: adding default layout >root : INFO add objectClass: > top > nsContainer > krbPwdPolicy >add cn: > accounts >add krbMinPwdLife: > 3600 >add krbPwdMinDiffChars: > 0 >add krbPwdMinLength: > 8 >add krbPwdHistoryLength: > 0 >add krbMaxPwdLife: > 7776000 >adding new entry "cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > users >adding new entry "cn=users,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > groups >adding new entry "cn=groups,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > services >adding new entry "cn=services,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > top > nsContainer >add cn: > computers >adding new entry "cn=computers,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > etc >adding new entry "cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > sysaccounts >adding new entry "cn=sysaccounts,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > ipa >adding new entry "cn=ipa,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > masters >adding new entry "cn=masters,cn=ipa,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > top > person > posixAccount > KrbPrincipalAux > inetUser >add uid: > admin >add krbPrincipalName: > admin@DSQA.SJC2.REDHAT.COM >add cn: > Administrator >add sn: > Administrator >add uidNumber: > 999 >add gidNumber: > 1001 >add homeDirectory: > /home/admin >add loginShell: > /bin/bash >add gecos: > Administrator >add nsAccountLock: > False >adding new entry "uid=admin,cn=sysaccounts,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > radius >adding new entry "cn=radius,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > clients >adding new entry "cn=clients,cn=radius,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > nsContainer > top >add cn: > profiles >adding new entry "cn=profiles,cn=radius,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > top > radiusprofile >add uid: > ipa_default >adding new entry "uid=ipa_default, cn=profiles,cn=radius,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > top > groupofnames > posixGroup >add cn: > admins >add description: > Account administrators group >add gidNumber: > 1001 >add member: > uid=admin,cn=sysaccounts,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com >add nsAccountLock: > False >adding new entry "cn=admins,cn=groups,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > top > groupofnames > posixGroup >add gidNumber: > 1002 >add description: > Default group for all users >add cn: > ipausers >adding new entry "cn=ipausers,cn=groups,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > top > groupofnames > posixGroup >add gidNumber: > 1003 >add description: > Limited admins who can edit other users >add cn: > editors >adding new entry "cn=editors,cn=groups,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > nsContainer > top > ipaGuiConfig >add ipaUserSearchFields: > uid,givenName,sn,telephoneNumber,ou,title >add ipaGroupSearchFields: > cn,description >add ipaSearchTimeLimit: > 2 >add ipaSearchRecordsLimit: > 0 >add ipaHomesRootDir: > /home >add ipaDefaultLoginShell: > /bin/sh >add ipaDefaultPrimaryGroup: > ipausers >add ipaMaxUsernameLength: > 8 >add ipaPwdExpAdvNotify: > 4 >add ipaGroupObjectClasses: > top > groupofnames > posixGroup > inetUser >add ipaUserObjectClasses: > top > person > organizationalPerson > inetOrgPerson > inetUser > posixAccount > krbPrincipalAux > radiusprofile >add ipaDefaultEmailDomain: > dsqa.sjc2.redhat.com >adding new entry "cn=ipaConfig,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add description: > Lock accounts based on group membership >add objectClass: > top > ldapsubentry > cosSuperDefinition > cosClassicDefinition >add cosTemplateDn: > cn=cosTemplates,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com >add cosAttribute: > nsAccountLock operational >add cosSpecifier: > memberOf >add cn: > Account Inactivation >adding new entry "cn=account inactivation,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectclass: > top > nsContainer >add cn: > cosTemplates >adding new entry "cn=cosTemplates,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > top > cosTemplate > extensibleobject >add nsAccountLock: > true >add cosPriority: > 1 >adding new entry "cn="cn=inactivated,cn=account inactivation,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com", cn=cosTemplates,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectclass: > top > groupofnames >adding new entry "cn=inactivated,cn=account inactivation,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > top > cosTemplate > extensibleobject >add nsAccountLock: > false >add cosPriority: > 0 >adding new entry "cn="cn=activated,cn=account inactivation,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com", cn=cosTemplates,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectclass: > top > groupofnames >adding new entry "cn=Activated,cn=Account Inactivation,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > > >root : INFO ldap_initialize( ldap://127.0.0.1 ) > >root : DEBUG [13/16]: configuring Posix uid/gid generation as first master >root : INFO add objectclass: > top > nsContainer > extensibleObject >add cn: > Posix >adding new entry "cn=Posix,cn=ipa-dna,cn=plugins,cn=config" >modify complete > >add objectclass: > top > extensibleObject >add cn: > Accounts >add dnaType: > uidNumber >add dnaNextValue: > 1100 >add dnaInterval: > 4 >add dnaMagicRegen: > 999 >add dnaFilter: > (objectclass=posixAccount) >add dnaScope: > dc=dsqa,dc=sjc2,dc=redhat,dc=com >adding new entry "cn=Accounts,cn=Posix,cn=ipa-dna,cn=plugins,cn=config" >modify complete > >add objectclass: > top > extensibleObject >add cn: > Groups >add dnaType: > gidNumber >add dnaNextValue: > 1100 >add dnaInterval: > 4 >add dnaMagicRegen: > 999 >add dnaFilter: > (objectclass=posixGroup) >add dnaScope: > dc=dsqa,dc=sjc2,dc=redhat,dc=com >adding new entry "cn=Groups,cn=Posix,cn=ipa-dna,cn=plugins,cn=config" >modify complete > > >root : INFO ldap_initialize( ldap://127.0.0.1 ) > >root : DEBUG [14/16]: adding master entry as first master >root : INFO add objectclass: > top > extensibleObject >add cn: > ipaqavm.dsqa.sjc2.redhat.com >add dnabase: > 1100 >add dnainterval: > 4 >adding new entry "cn=ipaqavm.dsqa.sjc2.redhat.com,cn=masters,cn=ipa,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > > >root : INFO ldap_initialize( ldap://127.0.0.1 ) > >root : DEBUG [15/16]: initializing group membership >root : INFO add objectClass: > top > extensibleObject >add cn: > IPA install >add basedn: > dc=dsqa,dc=sjc2,dc=redhat,dc=com >add filter: > (objectclass=*) >add ttl: > 10 >adding new entry "cn=IPA install 1207230688, cn=memberof task, cn=tasks, cn=config" >modify complete > > >root : INFO ldap_initialize( ldap://127.0.0.1 ) > >root : DEBUG [16/16]: configuring directory to start on boot >root : INFO dirsrv 0:off 1:off 2:off 3:off 4:off 5:off 6:off > >root : INFO >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : INFO >root : INFO >root : DEBUG done configuring dirsrv. >root : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >root : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >root : INFO krb5kdc is stopped > >root : INFO >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : INFO Stopping Kerberos 5 KDC: [FAILED] > >root : INFO >root : DEBUG Configuring Kerberos KDC >root : DEBUG [1/12]: setting KDC account password >root : DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/ldappwd' >root : DEBUG -> Not backing up - '/var/kerberos/krb5kdc/ldappwd' doesn't exist >root : DEBUG [2/12]: adding sasl mappings to the directory >root : DEBUG [3/12]: adding kerberos entries to the DS >root : INFO add objectclass: > account > simplesecurityobject >add uid: > kdc >add userPassword: > SEQJOTFLEKFK >adding new entry "uid=kdc,cn=sysaccounts,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add objectClass: > krbContainer > top >add cn: > kerberos >add aci: > (targetattr="*")(version 3.0; acl "KDC System Account"; allow (all) userdn= "ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com";) >adding new entry "cn=kerberos,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > > >root : INFO ldap_initialize( ldap://127.0.0.1 ) > >root : DEBUG [4/12]: adding default ACIs >root : INFO add aci: > (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Enable Anonymous access"; allow (read, search, compare) userdn = "ldap:///anyone";) > (targetattr != "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Admin can manage any entry"; allow (all) userdn = "ldap:///uid=admin,cn=sysaccounts,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com";) > (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword")(version 3.0; acl "Self can write own password"; allow (write) userdn="ldap:///self";) > (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Admins can write passwords"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com";) > (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Password change service can read/write passwords"; allow (read, write) userdn="ldap:///krbprincipalname=kadmin/changepw@DSQA.SJC2.REDHAT.COM,cn=DSQA.SJC2.REDHAT.COM,cn=kerberos,dc=dsqa,dc=sjc2,dc=redhat,dc=com";) > (targetattr = "userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "KDC System Account can access passwords"; allow (all) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com";) > (targetattr = "krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount")(version 3.0; acl "KDC System Account can update some fields"; allow (write) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com";) > (targetattr = "krbPrincipalName || krbUPEnabled || krbMKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData || krbLastSuccessfulAuth || krbLastFailedAuth || krbLoginFailedCount")(version 3.0; acl "Only the KDC System Account has access to kerberos material"; allow (read, search, compare) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com";) > (targetfilter = "(|(objectClass=person)(objectClass=krbPrincipalAux)(objectClass=posixAccount)(objectClass=groupOfNames)(objectClass=posixGroup))")(targetattr != "aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Account Admins can manage Users and Groups"; allow (add, delete, read, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com";) > (targetfilter = "(objectClass=krbPwdPolicy)")(targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policies"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com";) > (targetattr = "givenName || sn || cn || displayName || title || initials || loginShell || gecos || homePhone || mobile || pager || facsimileTelephoneNumber || telephoneNumber || street || roomNumber || l || st || postalCode || manager || secretary || description || carLicense || labeledURI || inetUserHTTPURL || seeAlso || employeeType || businessCategory || ou")(version 3.0;acl "Self service";allow (write) userdn = "ldap:///self";) >modifying entry "dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add aci: > (targetfilter = "(objectClass=ipaGuiConfig)")(targetattr != "aci")(version 3.0;acl "Admins can change GUI config"; allow (read, search, compare, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com";) >modifying entry "cn=ipaConfig,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add aci: > (targetattr = "krbMaxPwdLife || krbMinPwdLife || krbPwdMinDiffChars || krbPwdMinLength || krbPwdHistoryLength")(version 3.0;acl "Admins can write password policy"; allow (write) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com";) > (targetattr = "aci")(version 3.0;acl "Admins can manage delegations"; allow (write, delete) groupdn="ldap:///cn=admins,cn=groups,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com";) >modifying entry "cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add aci: > (targetattr = "*")(version 3.0; acl "Only radius and admin can access radius service data"; deny (all) userdn!="ldap:///uid=admin,cn=sysaccounts,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com || ldap:///krbprincipalname=radius/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM,cn=DSQA.SJC2.REDHAT.COM,cn=kerberos,dc=dsqa,dc=sjc2,dc=redhat,dc=com";) > (targetfilter = "(objectClass=radiusprofile)")(targetattr != "aci || userPassword || krbPrincipalKey || sambaLMPassword || sambaNTPassword || passwordHistory")(version 3.0; acl "Account Admins can manage Users and Groups"; allow (add, delete, read, write) groupdn = "ldap:///cn=admins,cn=groups,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com";) >modifying entry "cn=radius,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > >add aci: > (targetattr="krbPrincipalName || krbUPEnabled || krbPrincipalKey || krbTicketPolicyReference || krbPrincipalExpiration || krbPasswordExpiration || krbPwdPolicyReference || krbPrincipalType || krbPwdHistory || krbLastPwdChange || krbPrincipalAliases || krbExtraData")(version 3.0; acl "KDC System Account"; allow (read, search, compare, write) userdn="ldap:///uid=kdc,cn=sysaccounts,cn=etc,dc=dsqa,dc=sjc2,dc=redhat,dc=com";) >modifying entry "cn=services,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > > >root : INFO ldap_initialize( ldap://127.0.0.1 ) > >root : DEBUG [5/12]: configuring KDC >root : DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kdc.conf' >root : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >root : DEBUG Backing up system configuration file '/etc/krb5.conf' >root : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >root : DEBUG Backing up system configuration file '/usr/share/ipa/html/krb5.ini' >root : DEBUG -> Not backing up - '/usr/share/ipa/html/krb5.ini' doesn't exist >root : DEBUG Backing up system configuration file '/usr/share/ipa/html/krb.con' >root : DEBUG -> Not backing up - '/usr/share/ipa/html/krb.con' doesn't exist >root : DEBUG Backing up system configuration file '/usr/share/ipa/html/krbrealm.con' >root : DEBUG -> Not backing up - '/usr/share/ipa/html/krbrealm.con' doesn't exist >root : INFO Initializing database for realm 'DSQA.SJC2.REDHAT.COM' > >root : INFO >root : DEBUG [6/12]: adding default keytypes >root : INFO add krbSupportedEncSaltTypes: > aes256-cts:normal > aes128-cts:normal > des3-hmac-sha1:normal > arcfour-hmac:normal > des-hmac-sha1:normal > des-cbc-md5:normal > des-cbc-crc:normal > des-cbc-crc:v4 > des-cbc-crc:afs3 >add krbDefaultEncSaltTypes: > aes256-cts:normal > aes128-cts:normal > des3-hmac-sha1:normal > arcfour-hmac:normal > des-hmac-sha1:normal > des-cbc-md5:normal >modifying entry "cn=DSQA.SJC2.REDHAT.COM,cn=kerberos,dc=dsqa,dc=sjc2,dc=redhat,dc=com" >modify complete > > >root : INFO ldap_initialize( ldap://127.0.0.1 ) > >root : DEBUG [7/12]: creating a keytab for the directory >root : INFO Authenticating as principal root/admin@DSQA.SJC2.REDHAT.COM with password. >Principal "ldap/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM" created. > >root : INFO WARNING: no policy specified for ldap/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM; defaulting to no policy > >root : DEBUG Backing up system configuration file '/etc/dirsrv/ds.keytab' >root : DEBUG -> Not backing up - '/etc/dirsrv/ds.keytab' doesn't exist >root : INFO Authenticating as principal root/admin@DSQA.SJC2.REDHAT.COM with password. >Entry for principal ldap/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/dirsrv/ds.keytab. >Entry for principal ldap/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/dirsrv/ds.keytab. > >root : INFO >root : DEBUG Backing up system configuration file '/etc/sysconfig/dirsrv' >root : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >root : DEBUG [8/12]: creating a keytab for the machine >root : INFO Authenticating as principal root/admin@DSQA.SJC2.REDHAT.COM with password. >Principal "host/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM" created. > >root : INFO WARNING: no policy specified for host/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM; defaulting to no policy > >root : DEBUG Backing up system configuration file '/etc/krb5.keytab' >root : DEBUG -> Not backing up - '/etc/krb5.keytab' doesn't exist >root : INFO Authenticating as principal root/admin@DSQA.SJC2.REDHAT.COM with password. >Entry for principal host/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/krb5.keytab. >Entry for principal host/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/krb5.keytab. > >root : INFO >root : DEBUG [9/12]: exporting the kadmin keytab >root : INFO Authenticating as principal root/admin@DSQA.SJC2.REDHAT.COM with password. >Principal "kadmin/changepw@DSQA.SJC2.REDHAT.COM" modified. > >root : INFO >root : DEBUG Backing up system configuration file '/var/kerberos/krb5kdc/kpasswd.keytab' >root : DEBUG -> Not backing up - '/var/kerberos/krb5kdc/kpasswd.keytab' doesn't exist >root : INFO Authenticating as principal root/admin@DSQA.SJC2.REDHAT.COM with password. >Entry for principal kadmin/changepw with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/var/kerberos/krb5kdc/kpasswd.keytab. >Entry for principal kadmin/changepw with kvno 2, encryption type AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/var/kerberos/krb5kdc/kpasswd.keytab. >Entry for principal kadmin/changepw with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kpasswd.keytab. >Entry for principal kadmin/changepw with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/var/kerberos/krb5kdc/kpasswd.keytab. >Entry for principal kadmin/changepw with kvno 2, encryption type DES with HMAC/sha1 added to keytab WRFILE:/var/kerberos/krb5kdc/kpasswd.keytab. >Entry for principal kadmin/changepw with kvno 2, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/var/kerberos/krb5kdc/kpasswd.keytab. > >root : INFO >root : DEBUG Backing up system configuration file '/etc/sysconfig/ipa_kpasswd' >root : DEBUG -> Not backing up - '/etc/sysconfig/ipa_kpasswd' doesn't exist >root : DEBUG [10/12]: adding the password extenstion to the directory >root : INFO add objectclass: > top > nsSlapdPlugin > extensibleObject >add cn: > ipa_pwd_extop >add nsslapd-pluginpath: > libipa_pwd_extop >add nsslapd-plugininitfunc: > ipapwd_init >add nsslapd-plugintype: > extendedop >add nsslapd-pluginenabled: > on >add nsslapd-pluginid: > ipa_pwd_extop >add nsslapd-pluginversion: > 1.0 >add nsslapd-pluginvendor: > RedHat >add nsslapd-plugindescription: > Support saving passwords in multiple formats for different consumers (krb5, samba, freeradius, etc.) >add nsslapd-plugin-depends-on-type: > database >add nsslapd-realmTree: > dc=dsqa,dc=sjc2,dc=redhat,dc=com >adding new entry "cn=ipa_pwd_extop,cn=plugins,cn=config" >modify complete > > >root : INFO ldap_initialize( ldap://127.0.0.1 ) > >root : DEBUG [11/12]: starting the KDC >root : INFO Starting Kerberos 5 KDC: [ OK ] > >root : INFO >root : DEBUG [12/12]: configuring KDC to start on boot >root : INFO krb5kdc 0:off 1:off 2:off 3:off 4:off 5:off 6:off > >root : INFO >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : INFO >root : INFO >root : DEBUG done configuring krb5kdc. >root : DEBUG Configuring ipa_kpasswd >root : DEBUG [1/2]: starting ipa_kpasswd >root : INFO ipa_kpasswd is stopped > >root : INFO >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : INFO Shutting down ipa_kpasswd: [FAILED] >Starting ipa_kpasswd: [ OK ] > >root : INFO >root : DEBUG [2/2]: configuring ipa_kpasswd to start on boot >root : INFO >root : INFO >root : INFO ipa_kpasswd 0:off 1:off 2:off 3:off 4:off 5:off 6:off > >root : INFO >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : INFO >root : INFO >root : DEBUG done configuring ipa_kpasswd. >root : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >root : DEBUG Configuring the web interface >root : DEBUG [1/10]: disabling mod_ssl in httpd >root : DEBUG [2/10]: Setting mod_nss port to 443 >root : DEBUG Backing up system configuration file '/etc/httpd/conf.d/nss.conf' >root : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >root : DEBUG [3/10]: Adding URL rewriting rules >root : DEBUG [4/10]: configuring httpd >root : DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa.conf' >root : DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa.conf' doesn't exist >root : DEBUG Backing up system configuration file '/etc/httpd/conf.d/ipa-rewrite.conf' >root : DEBUG -> Not backing up - '/etc/httpd/conf.d/ipa-rewrite.conf' doesn't exist >root : DEBUG [5/10]: creating a keytab for httpd >root : INFO Authenticating as principal root/admin@DSQA.SJC2.REDHAT.COM with password. >Principal "HTTP/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM" created. > >root : INFO WARNING: no policy specified for HTTP/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM; defaulting to no policy > >root : INFO Authenticating as principal root/admin@DSQA.SJC2.REDHAT.COM with password. >Entry for principal HTTP/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/httpd/conf/ipa.keytab. >Entry for principal HTTP/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/httpd/conf/ipa.keytab. >Entry for principal HTTP/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/httpd/conf/ipa.keytab. >Entry for principal HTTP/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/httpd/conf/ipa.keytab. >Entry for principal HTTP/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type DES with HMAC/sha1 added to keytab WRFILE:/etc/httpd/conf/ipa.keytab. >Entry for principal HTTP/ipaqavm.dsqa.sjc2.redhat.com@DSQA.SJC2.REDHAT.COM with kvno 3, encryption type DES cbc mode with RSA-MD5 added to keytab WRFILE:/etc/httpd/conf/ipa.keytab. > >root : INFO >root : DEBUG [6/10]: Setting up ssl >root : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >root : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >root : INFO >root : INFO >root : INFO >root : INFO >root : INFO >root : INFO > >Generating key. This may take a few moments... > > >root : INFO >root : INFO >root : INFO >root : INFO > >Generating key. This may take a few moments... > > >root : INFO >root : INFO >root : DEBUG [7/10]: Setting up browser autoconfig >root : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >root : DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index' >root : INFO using certificate directory: /etc/httpd/alias >Generating /tmp/tmp-lZyoqZ/META-INF/manifest.mf file.. >--> preferences.html >adding /tmp/tmp-lZyoqZ/preferences.html to /usr/share/ipa/html/configure.jar...(deflated 52%) >Generating zigbert.sf file.. >adding /tmp/tmp-lZyoqZ/META-INF/manifest.mf to /usr/share/ipa/html/configure.jar...(deflated 15%) >adding /tmp/tmp-lZyoqZ/META-INF/zigbert.sf to /usr/share/ipa/html/configure.jar...(deflated 26%) >adding /tmp/tmp-lZyoqZ/META-INF/zigbert.rsa to /usr/share/ipa/html/configure.jar...(deflated 16%) >tree "/tmp/tmp-lZyoqZ" signed successfully > >root : INFO >root : DEBUG [8/10]: configuring SELinux for httpd >root : INFO >root : INFO >root : INFO >root : INFO >root : DEBUG [9/10]: restarting httpd >root : INFO httpd is stopped > >root : INFO >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : INFO Stopping httpd: [FAILED] >Starting httpd: [ OK ] > >root : INFO >root : DEBUG [10/10]: configuring httpd to start on boot >root : INFO httpd (pid 3168) is running... > >root : INFO >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : INFO >root : INFO >root : DEBUG done configuring httpd. >root : DEBUG Loading StateFile from '/var/lib/ipa/sysrestore/sysrestore.state' >root : DEBUG Configuring ipa_webgui >root : DEBUG [1/2]: starting ipa_webgui >root : INFO ipa_webgui is stopped > >root : INFO >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : INFO Shutting down ipa_webgui: [FAILED] >Starting ipa_webgui: [ OK ] > >root : INFO >root : DEBUG [2/2]: configuring ipa_webgui to start on boot >root : INFO >root : INFO >root : INFO ipa_webgui 0:off 1:off 2:off 3:off 4:off 5:off 6:off > >root : INFO >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : INFO >root : INFO >root : DEBUG done configuring ipa_webgui. >root : INFO Stopping named: [FAILED] > >root : INFO >root : DEBUG Configuring bind: >root : DEBUG [1/5]: Setting up our zone >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : DEBUG Backing up system configuration file '/var/named/dsqa.sjc2.redhat.com.zone.db' >root : DEBUG -> Not backing up - '/var/named/dsqa.sjc2.redhat.com.zone.db' doesn't exist >root : DEBUG [2/5]: Setting up named.conf >root : DEBUG Backing up system configuration file '/etc/named.conf' >root : DEBUG -> Not backing up - '/etc/named.conf' doesn't exist >root : DEBUG [3/5]: restarting named >root : INFO >root : INFO rndc: connect failed: 127.0.0.1#953: connection refused > >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : INFO Stopping named: [FAILED] >Starting named: [ OK ] > >root : INFO >root : DEBUG [4/5]: configuring named to start on boot >root : INFO number of zones: 16 >debug level: 0 >xfers running: 0 >xfers deferred: 0 >soa queries in progress: 0 >query logging is OFF >recursive clients: 0/0/1000 >tcp clients: 0/100 >server is up and running > >root : INFO >root : DEBUG Saving StateFile to '/var/lib/ipa/sysrestore/sysrestore.state' >root : INFO >root : INFO >root : DEBUG [5/5]: Changing resolve.conf to point to ourselves >root : DEBUG Backing up system configuration file '/etc/resolve.conf' >root : DEBUG -> Not backing up - '/etc/resolve.conf' doesn't exist >root : DEBUG done configuring named. >root : DEBUG restarting the directory server >root : INFO Shutting down dirsrv: > DSQA-SJC2-REDHAT-COM...[ OK ] >Starting dirsrv: > DSQA-SJC2-REDHAT-COM...[ OK ] > >root : INFO >root : DEBUG restarting the KDC >root : INFO Stopping Kerberos 5 KDC: [ OK ] >Starting Kerberos 5 KDC: [ OK ] > >root : INFO >root : DEBUG Changing admin password >root : INFO >root : INFO ldappasswd: password successfully changed > >root : DEBUG ldappasswd done >root : DEBUG Backing up system configuration file '/etc/ipa/ipa.conf' >root : DEBUG Saving Index File to '/var/lib/ipa/sysrestore/sysrestore.index' >root : INFO Discovery was successful! >Realm: DSQA.SJC2.REDHAT.COM >DNS Domain: dsqa.sjc2.redhat.com >IPA Server: ipaqavm.dsqa.sjc2.redhat.com >BaseDN: dc=dsqa,dc=sjc2,dc=redhat,dc=com > > >Created /etc/ipa/ipa.conf >Configured /etc/ldap.conf >LDAP enabled >Kerberos 5 enabled >Client configuration complete. > >root : INFO >root : INFO ntpd (pid 2676) is running... > >root : INFO > >The log file for this installation can be found in /var/log/ipaserver-install.log >============================================================================== >This program will setup the FreeIPA Server. > >This includes: > * Configure the Network Time Daemon (ntpd) > * Create and configure an instance of Directory Server > * Create and configure a Kerberos Key Distribution Center (KDC) > * Configure Apache (httpd) > * Configure TurboGears > >To accept the default shown in brackets, press the Enter key. > >The domain name has been calculated based on the host name. > >The IPA Master Server will be configured with >Hostname: ipaqavm.dsqa.sjc2.redhat.com >IP address: 10.14.0.110 >Domain name: dsqa.sjc2.redhat.com > >Configuring ntpd > [1/4]: stopping ntpd > [2/4]: writing configuration > [3/4]: configuring ntpd to start on boot > [4/4]: starting ntpd >done configuring ntpd. >Configuring directory server: > [1/16]: creating directory server user > [2/16]: creating directory server instance > [3/16]: adding default schema > [4/16]: enabling memberof plugin > [5/16]: enabling referential integrity plugin > [6/16]: enabling distributed numeric assignment plugin > [7/16]: configuring uniqueness plugin > [8/16]: creating indices > [9/16]: configuring ssl for ds instance > [10/16]: configuring certmap.conf > [11/16]: restarting directory server > [12/16]: adding default layout > [13/16]: configuring Posix uid/gid generation as first master > [14/16]: adding master entry as first master > [15/16]: initializing group membership > [16/16]: configuring directory to start on boot >done configuring dirsrv. >Configuring Kerberos KDC > [1/12]: setting KDC account password > [2/12]: adding sasl mappings to the directory > [3/12]: adding kerberos entries to the DS > [4/12]: adding default ACIs > [5/12]: configuring KDC > [6/12]: adding default keytypes > [7/12]: creating a keytab for the directory > [8/12]: creating a keytab for the machine > [9/12]: exporting the kadmin keytab > [10/12]: adding the password extenstion to the directory > [11/12]: starting the KDC > [12/12]: configuring KDC to start on boot >done configuring krb5kdc. >Configuring ipa_kpasswd > [1/2]: starting ipa_kpasswd > [2/2]: configuring ipa_kpasswd to start on boot >done configuring ipa_kpasswd. >Configuring the web interface > [1/10]: disabling mod_ssl in httpd > [2/10]: Setting mod_nss port to 443 > [3/10]: Adding URL rewriting rules > [4/10]: configuring httpd > [5/10]: creating a keytab for httpd > [6/10]: Setting up ssl > [7/10]: Setting up browser autoconfig > [8/10]: configuring SELinux for httpd > [9/10]: restarting httpd > [10/10]: configuring httpd to start on boot >done configuring httpd. >Configuring ipa_webgui > [1/2]: starting ipa_webgui > [2/2]: configuring ipa_webgui to start on boot >done configuring ipa_webgui. >Configuring bind: > [1/5]: Setting up our zone > [2/5]: Setting up named.conf > [3/5]: restarting named > [4/5]: configuring named to start on boot > [5/5]: Changing resolve.conf to point to ourselves >done configuring named. >restarting the directory server >restarting the KDC >============================================================================== >Setup complete > >Next steps: > 1. You may need to open some network ports - specifically: > TCP Ports: > * 80, 443: HTTP/HTTPS > * 389, 636: LDAP/LDAPS > * 88, 464: kerberos > UDP Ports: > * 88, 464: kerberos > * 123: ntp > > 2. You can now obtain a kerberos ticket using the command: 'kinit admin' > This ticket will allow you to use the IPA tools (e.g., ipa-adduser) > and the web user interface. > >Be sure to back up the CA certificate stored in /etc/dirsrv/slapd-DSQA-SJC2-REDHAT-COM/cacert.p12 >The password for this file is in /etc/dirsrv/slapd-DSQA-SJC2-REDHAT-COM/pwdfile.txt >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ /etc/init.d/ntpd stop >Shutting down ntpd: [ OK ] >+ /usr/sbin/ntpdate kerberos.sjc.redhat.com > 3 Apr 06:51:18 ntpdate[3516]: step time server 10.14.63.11 offset -41.103050 sec >+ /etc/init.d/ntpd start >ntpd: Synchronizing with time server: [FAILED] >Starting ntpd: [ OK ] >+ mv /etc/resolv.conf /etc/resolv.conf-old >+ echo 'nameserver 127.0.0.1' >+ '[' '!' -f /etc/named.conf ']' >+ sed -i 's/dump-file/forwarders { 10.14.63.2; }; dump-file/g' /etc/named.conf >+ /etc/init.d/named restart >Stopping named: .[ OK ] >Starting named: [ OK ] >+ grep named >+ grep -v grep >+ grep named >+ ps -ef >named 3563 1 1 06:51 ? 00:00:00 /usr/sbin/named -u named >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ dig -x 10.14.0.110 @127.0.0.1 > >; <<>> DiG 9.4.2 <<>> -x 10.14.0.110 @127.0.0.1 >;; global options: printcmd >;; Got answer: >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26142 >;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2 > >;; QUESTION SECTION: >;110.0.14.10.in-addr.arpa. IN PTR > >;; ANSWER SECTION: >110.0.14.10.in-addr.arpa. 86400 IN PTR ipaqavm.dsqa.sjc2.redhat.com. > >;; AUTHORITY SECTION: >0.14.10.in-addr.arpa. 86400 IN NS ns1.rdu.redhat.com. >0.14.10.in-addr.arpa. 86400 IN NS ns2.rdu.redhat.com. > >;; ADDITIONAL SECTION: >ns2.rdu.redhat.com. 86400 IN A 10.11.255.27 >ns1.rdu.redhat.com. 86400 IN A 172.16.52.28 > >;; Query time: 6 msec >;; SERVER: 127.0.0.1#53(127.0.0.1) >;; WHEN: Thu Apr 3 06:51:30 2008 >;; MSG SIZE rcvd: 156 > >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ dig ipaqavm.dsqa.sjc2.redhat.com @127.0.0.1 > >; <<>> DiG 9.4.2 <<>> ipaqavm.dsqa.sjc2.redhat.com @127.0.0.1 >;; global options: printcmd >;; Got answer: >;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6390 >;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0 > >;; QUESTION SECTION: >;ipaqavm.dsqa.sjc2.redhat.com. IN A > >;; ANSWER SECTION: >ipaqavm.dsqa.sjc2.redhat.com. 86400 IN A 10.14.0.110 > >;; AUTHORITY SECTION: >dsqa.sjc2.redhat.com. 86400 IN NS ipaqavm.dsqa.sjc2.redhat.com. > >;; Query time: 0 msec >;; SERVER: 127.0.0.1#53(127.0.0.1) >;; WHEN: Thu Apr 3 06:51:30 2008 >;; MSG SIZE rcvd: 76 > >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ echo 'set timeout -1 >set send_slow {1 .1} >spawn /usr/kerberos/bin/kinit admin >match_max 100000 >expect "Password for admin" >sleep 1 >send -s -- "Secret123\r" >expect eof ' >+ /usr/bin/expect /tmp/kinit.exp >spawn /usr/kerberos/bin/kinit admin >Password for admin@DSQA.SJC2.REDHAT.COM: >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ /usr/sbin/ipa-finduser admin >Full Name: Administrator >Home Directory: /home/admin >Login Shell: /bin/bash >Login: admin > >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ echo 'set timeout -1 >spawn /usr/sbin/ipa-adduser newuser1 >match_max 100000 >expect "First name: " >send -- "new\r" >expect "new\r >Last name: " >send -- "user1\r" >expect "user1\r > Password: " >send -- "newpW1\r" >expect "Password (again): " >send -- "newpW1\r" >expect eof' >+ /usr/bin/expect /tmp/ipaadduser.exp >spawn /usr/sbin/ipa-adduser newuser1 >First name: new >Last name: user1 > Password: > Password (again): >newuser1 successfully added >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ echo 'set timeout -1 >spawn /usr/sbin/ipa-addgroup >match_max 100000 >expect "Group name: " >send -- "test-group\r" >expect "test-group\r >Description: " >send -- "test group for QA tests" >expect "test group for QA tests" >sleep 1 >send -- "\r" >expect eof' >+ /usr/bin/expect /tmp/ipa-addgroup.exp >spawn /usr/sbin/ipa-addgroup >Group name: test-group >Description: test group for QA tests >test-group successfully added >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ /usr/sbin/ipa-findgroup test-group >dn: cn=test-group,cn=groups,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com >GID: 1100 >Full Name: test-group >Description: test group for QA tests > >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ /usr/sbin/ipa-modgroup -a newuser1 test-group >newuser1 successfully added to test-group >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ /usr/sbin/ipa-findgroup test-group >+ /bin/grep newuser1 /tmp/findgroup.txt > new user1: uid=newuser1,cn=users,cn=accounts,dc=dsqa,dc=sjc2,dc=redhat,dc=com >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ /usr/sbin/ipa-modgroup -r newuser1 test-group >newuser1 successfully removed >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ /usr/sbin/ipa-findgroup test-group >+ /bin/grep newuser1 /tmp/findgroup.txt >+ ret=1 >+ '[' 1 == 0 ']' >+ /usr/sbin/ipa-deluser newuser1 >newuser1 successfully deleted >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ /usr/sbin/ipa-finduser newuser1 >+ grep -v 'No entries' /tmp/finduser.txt >+ grep newuser1 >+ ret=1 >+ '[' 1 == 0 ']' >+ echo 'set timeout -1 >spawn /usr/sbin/ipa-adduser testuser >match_max 100000 >expect "First name: " >send -- "new\r" >expect "new\r >Last name: " >send -- "user1\r" >expect "user1\r > Password: " >send -- "newpW1\r" >expect "Password (again): " >send -- "newpW1\r" >expect eof' >+ /usr/bin/expect /tmp/ipaadduser.exp >spawn /usr/sbin/ipa-adduser testuser >First name: new >Last name: user1 > Password: > Password (again): >testuser successfully added >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ set timeout -1 >+ echo 'set timeout -1 >spawn /usr/kerberos/bin/kpasswd testuser >match_max 100000 >expect -exact "Password for testuser@DSQA.SJC2.REDHAT.COM: " >send -- "newpW1\r" >expect -exact "\r >Enter new password: " >send -- "Secret123\r" >expect -exact "\r >Enter it again: " >send -- "Secret123\r" >expect eof' >+ /usr/bin/expect /tmp/testusernewpass.exp >spawn /usr/kerberos/bin/kpasswd testuser >Password for testuser@DSQA.SJC2.REDHAT.COM: >Enter new password: >Enter it again: >Password changed. >+ ret=0 >+ '[' 0 '!=' 0 ']' >+ /sbin/iptables -t nat -F >+ /sbin/iptables -F
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=300286">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 440153
: 300286